Skip to main content

Apple finally expands its bug bounty program to accept MacOS bugs

Apple’s 3-year-old bug bounty program has finally, officially expanded to accept bug submissions from other Apple ecosystem platforms, including MacOS. The technology company announced its plans for the expansion just a few months ago, during the Black Hat cybersecurity conference. Apple appears to have launched the expansion of its Security Bounty program on Thursday, December 19, via a new webpage published on its site that provides further details on the updated program.

The Apple Security Bounty program is essentially a program in which Apple incentivizes security researchers to find bugs in Apple’s various operating systems and report them to the company in exchange for a pretty sizable monetary reward. As ZDNet notes, when the program was first launched in 2016, it only accepted bug reports for iOS bugs from certain researchers who had been invited to participate in the program. But as of this week, the Security Bounty program has officially expanded to not only accept MacOS bugs, but also bugs from other Apple operating systems, and it now allows the participation of all security researchers.

Recommended Videos

The newly published webpage on Apple’s website provides details on the current iteration of the Security Bounty program, including eligibility guidelines, bounty categories (and their associated maximum rewards), and instructions on how to submit a bug report. There’s even a separate page that lists example payouts for different kinds of bugs.

Please enable Javascript to view this content

In addition to MacOS bugs, the program officially accepts bug reports for iOS, iPadOS, tvOS, and WatchOS. There doesn’t appear to be any MacOS specific-guidelines for submitting bug reports about it, but generally speaking, in order to be eligible for a bounty, researchers must follow three main guidelines:

  1. You have to be the first one to report the bug to Apple Product Security.
  2. A report must be submitted and it should be “clear” and contain “a working exploit.”
  3. You can’t publicize the bug until “Apple releases the security advisory for the report.”

It’s also worth noting that if the bug has “significant impact to users,” Apple will still take it into consideration for a bounty payment even if it doesn’t “fit the published bounty categories.” Also, the bounties themselves aren’t tiny. In fact, the smallest example payout listed was $25,000 and the largest payout appears to be $1 million.

Anita George
Former Digital Trends Contributor
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
macOS Sequoia fixes a problem that’s bugged me for years
The iPhone Mirroring feature from macOS Sequoia being demonstrated at the Worldwide Developers Conference (WWDC) 2024.

Sometimes, people think it’s the big, headline features -- like Apple Intelligence -- that make an operating system great. But there’s one new feature in macOS Sequoia that shows the opposite is true -- that a collection of less glamorous, yet meaningful changes can have a much bigger impact.

I’m talking about Apple’s new iPhone Mirroring feature. Or rather, one particular element of iPhone Mirroring: its new drag-and-drop ability. Even in the few short days it’s been available, it’s managed to improve my daily workflow and fix an issue that’s been bugging me for years.

Read more
macOS Sequoia may be breaking important security tools
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

Apple released macOS Sequoia on Monday, but the update has broken the functionality for some networking and security tools from companies such as Microsoft, CrowdStrike, SentinelOne, and more, as Bleeping Computer reports. Affected users on Reddit are sharing their issues with security software such as ESET Endpoint Security and CrodStrike Falcon.

Other reported issues include firewalls causing packet corruptions, browser SSL failures, and the inability to use the "curl" or "get" commands. Users can fix the problem quickly by turning off the tools, which indicates an incompatibility issue with the network stack, but this is not the fix many may be looking for.

Read more
There’s so much more to macOS Sequoia than just Apple Intelligence
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

You can't talk about macOS Sequoia without talking about Apple Intelligence. That's a shame. Because between the delayed rollout and more limited scope, it's not the main reason to go out and install macOS Sequoia today, despite the fact that some of the new Apple Intelligence features just became available to check out in the public beta.

Don't get me wrong, an improved version of Siri, better search, and some AI-powered writing tools are all neat, but there's actually a lot more substantial features in Sequoia than just those.

Read more